<Vulnerability name="CVE-2026-58250">
    <DocumentDistribution xml:lang="en">Copyright © 2012 Red Hat, Inc. All rights reserved.</DocumentDistribution>
    <ThreatSeverity>Important</ThreatSeverity>
    <PublicDate>2026-07-08T19:48:55</PublicDate>
    <Bugzilla id="2498257" url="https://bugzilla.redhat.com/show_bug.cgi?id=2498257" xml:lang="en:us">
github.com/nats-io/nats-server: NATS Server: Denial of Service via repeated leafnode INFO messages during pre-authentication
    </Bugzilla>
    <CVSS3 status="draft">
        <CVSS3BaseScore>7.5</CVSS3BaseScore>
        <CVSS3ScoringVector>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</CVSS3ScoringVector>
    </CVSS3>
    <CWE>CWE-476</CWE>
    <Details xml:lang="en:us" source="Mitre">
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.12.8 and 2.11.17, an unauthenticated peer with network access to a leafnode listener with compression enabled could crash the server during the pre-authentication leafnode handshake by sending repeated leafnode INFO protocol messages before authentication and account setup completed. This issue is fixed in versions 2.12.8 and 2.11.17.
    </Details>
    <Details xml:lang="en:us" source="Red Hat">
A flaw was found in NATS Server, a high-performance messaging system. An unauthenticated attacker with network access to a leafnode listener, where compression is enabled, could exploit this vulnerability. By sending repeated leafnode INFO protocol messages during the pre-authentication handshake, the attacker can cause the server to crash. This leads to a Denial of Service (DoS), making the server unavailable to legitimate users.
    </Details>
    <Statement xml:lang="en:us">
This is an Important denial of service vulnerability in NATS Server. An unauthenticated remote attacker with network access to a leafnode listener, configured with compression enabled, could repeatedly send INFO protocol messages during the pre-authentication handshake. This action would cause the NATS server to crash, leading to a denial of service for legitimate users.
    </Statement>
    <Mitigation xml:lang="en:us">
To reduce exposure, disable compression on NATS Server leafnode listeners if not strictly required for your environment. Alternatively, implement network access controls to restrict connectivity to leafnode listeners to only trusted clients. This limits the ability of unauthenticated peers to initiate the vulnerable handshake.
    </Mitigation>
    <PackageState cpe="cpe:/a:redhat:hummingbird:1">
        <ProductName>Red Hat Hardened Images</ProductName>
        <FixState>Not affected</FixState>
        <PackageName>nats-server2.12</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:hummingbird:1">
        <ProductName>Red Hat Hardened Images</ProductName>
        <FixState>Not affected</FixState>
        <PackageName>nats-server2.14</PackageName>
    </PackageState>
    <References xml:lang="en:us">
https://www.cve.org/CVERecord?id=CVE-2026-58250
https://nvd.nist.gov/vuln/detail/CVE-2026-58250
https://github.com/nats-io/nats-server/commit/8dcb26eaea78fdcbe96dbee5986d6019fd5cb94a
https://github.com/nats-io/nats-server/commit/fc5fe39177533e9dbdd651d2458285bfae1dde27
https://github.com/nats-io/nats-server/releases/tag/v2.11.17
https://github.com/nats-io/nats-server/releases/tag/v2.12.8
https://github.com/nats-io/nats-server/security/advisories/GHSA-3g5q-cfh2-cq67
    </References>
</Vulnerability>